| 1 | /**/ |
| 2 | |
| 3 | #include "internal.h" |
| 4 | |
| 5 | static void cname_recurse(adns_state ads, adns_query qu, adns_queryflags xflags) { |
| 6 | abort(); /* FIXME */ |
| 7 | } |
| 8 | |
| 9 | void adns__procdgram(adns_state ads, const byte *dgram, int dglen, |
| 10 | int serv, struct timeval now) { |
| 11 | int cbyte, rrstart, wantedrrs, rri, foundsoa, foundns; |
| 12 | int id, f1, f2, qdcount, ancount, nscount, arcount, flg_ra, flg_tc; |
| 13 | int rrtype, rrclass, rdlength, rdstart, ownermatched, ownerstart; |
| 14 | int anstart, nsstart, arstart; |
| 15 | int currentrrs; |
| 16 | adns_query qu, nqu; |
| 17 | dns_rcode rcode; |
| 18 | adns_status st; |
| 19 | adns_answer *ans; |
| 20 | |
| 21 | cbyte= 0; |
| 22 | |
| 23 | if (dglen<DNS_HDRSIZE) { |
| 24 | adns__diag(ads,serv,"received datagram too short for message header (%d)",dglen); |
| 25 | return; |
| 26 | } |
| 27 | GET_W(cbyte,id); |
| 28 | GET_B(cbyte,f1); |
| 29 | GET_B(cbyte,f2); |
| 30 | GET_W(cbyte,qdcount); |
| 31 | GET_W(cbyte,ancount); |
| 32 | GET_W(cbyte,nscount); |
| 33 | GET_W(cbyte,arcount); |
| 34 | assert(cbyte == DNS_HDRSIZE); |
| 35 | |
| 36 | flg_tc= f1&0x20; |
| 37 | flg_ra= f2&0x80; |
| 38 | |
| 39 | if (f1&0x80) { |
| 40 | adns__diag(ads,serv,"server sent us a query, not a response"); |
| 41 | return; |
| 42 | } |
| 43 | if (f1&0x70) { |
| 44 | adns__diag(ads,serv,"server sent us unknown opcode %d (wanted 0=QUERY)", |
| 45 | (f1>>4)&0x70); |
| 46 | return; |
| 47 | } |
| 48 | if (!qdcount) { |
| 49 | adns__diag(ads,serv,"server sent reply without quoting our question"); |
| 50 | return; |
| 51 | } else if (qdcount>1) { |
| 52 | adns__diag(ads,serv,"server claimed to answer %d questions with one message", |
| 53 | qdcount); |
| 54 | return; |
| 55 | } |
| 56 | for (qu= ads->timew.head; qu; qu= nqu) { |
| 57 | nqu= qu->next; |
| 58 | if (qu->id != id) continue; |
| 59 | if (dglen < qu->querylen) continue; |
| 60 | if (memcmp(qu->querymsg+DNS_HDRSIZE,dgram+DNS_HDRSIZE,qu->querylen-DNS_HDRSIZE)) |
| 61 | continue; |
| 62 | break; |
| 63 | } |
| 64 | assert(qu->cnameoff == -1); |
| 65 | anstart= qu->querylen; |
| 66 | if (!qu) { |
| 67 | adns__debug(ads,serv,"reply not found (id=%02x)",id); |
| 68 | return; |
| 69 | } |
| 70 | |
| 71 | LIST_UNLINK(ads->timew,qu); |
| 72 | /* We're definitely going to do something with this query now */ |
| 73 | |
| 74 | if (!(f1&0x01)) { |
| 75 | adns__diag(ads,serv,"server thinks we didn't ask for recursive lookup"); |
| 76 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 77 | return; |
| 78 | } |
| 79 | |
| 80 | rcode= (f1&0x0f); |
| 81 | switch (rcode) { |
| 82 | case rcode_noerror: |
| 83 | case rcode_nxdomain: |
| 84 | break; |
| 85 | case rcode_formaterror: |
| 86 | adns__warn(ads,serv,"server cannot understand our query (Format Error)"); |
| 87 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 88 | return; |
| 89 | case rcode_servfail: |
| 90 | adns__query_fail(ads,qu,adns_s_servfail); |
| 91 | return; |
| 92 | case rcode_notimp: |
| 93 | adns__warn(ads,serv,"server claims not to implement our query"); |
| 94 | adns__query_fail(ads,qu,adns_s_notimplemented); |
| 95 | return; |
| 96 | case rcode_refused: |
| 97 | adns__warn(ads,serv,"server refused our query"); |
| 98 | adns__query_fail(ads,qu,adns_s_refused); |
| 99 | return; |
| 100 | default: |
| 101 | adns__warn(ads,serv,"server gave unknown response code %d",rcode); |
| 102 | adns__query_fail(ads,qu,adns_s_reasonunknown); |
| 103 | return; |
| 104 | } |
| 105 | |
| 106 | /* Now, take a look at the answer section, and see if it is complete. |
| 107 | * If it has any CNAMEs we stuff them in the answer. |
| 108 | */ |
| 109 | wantedrrs= 0; |
| 110 | for (rri= 0; rri<ancount; rri++) { |
| 111 | rrstart= cbyte; |
| 112 | if (qu->cnameoff >= 0) { |
| 113 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 114 | &rrtype,&rrclass,&rdlength,&rdstart, |
| 115 | dgram,dglen,qu->cnameoff, &ownermatched); |
| 116 | } else { |
| 117 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 118 | &rrtype,&rrclass,&rdlength,&rdstart, |
| 119 | qu->querymsg,qu->querylen,DNS_HDRSIZE, &ownermatched); |
| 120 | } |
| 121 | if (st) adns__query_fail(ads,qu,st); |
| 122 | if (rrtype == -1) goto x_truncated; |
| 123 | |
| 124 | if (rrclass != DNS_CLASS_IN) { |
| 125 | adns__diag(ads,serv,"ignoring answer RR with wrong class %d (expected IN=%d)", |
| 126 | rrclass,DNS_CLASS_IN); |
| 127 | continue; |
| 128 | } |
| 129 | if (!ownermatched) { |
| 130 | if (ads->iflags & adns_if_debug) { |
| 131 | st= adns__get_domain_temp(ads,qu,serv, dgram,dglen,&rrstart,dglen, &ownerstart); |
| 132 | if (st) |
| 133 | adns__debug(ads,serv, "ignoring RR with an irrelevant owner" |
| 134 | " whose format is bad, code %d",st); |
| 135 | else if (ownerstart>=0) |
| 136 | adns__debug(ads,serv, "ignoring RR with an irrelevant owner" |
| 137 | " \"%s\"", qu->ans.buf+ownerstart); |
| 138 | else |
| 139 | adns__debug(ads,serv,"ignoring RR with an irrelevant truncated owner"); |
| 140 | } |
| 141 | continue; |
| 142 | } |
| 143 | if (qu->cnameoff<0 && |
| 144 | (qu->typei->type & adns__rrt_typemask) != adns_r_cname && |
| 145 | rrtype == adns_r_cname) { /* Ignore second and subsequent CNAMEs */ |
| 146 | st= adns__get_domain_perm(ads,qu,serv, dgram,dglen, |
| 147 | &rdstart,rdstart+rdlength,&qu->cnameoff); |
| 148 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 149 | if (qu->cnameoff==-1) goto x_truncated; |
| 150 | /* If we find the answer section truncated after this point we restart |
| 151 | * the query at the CNAME; if beforehand then we obviously have to use |
| 152 | * TCP. If there is no truncation we can use the whole answer if |
| 153 | * it contains the relevant info. |
| 154 | */ |
| 155 | } else if (rrtype == (qu->typei->type & adns__rrt_typemask)) { |
| 156 | wantedrrs++; |
| 157 | } else { |
| 158 | adns__debug(ads,serv,"ignoring answer RR with irrelevant type %d",rrtype); |
| 159 | } |
| 160 | } |
| 161 | |
| 162 | /* If we got here then the answer section is intact. */ |
| 163 | nsstart= cbyte; |
| 164 | |
| 165 | if (!wantedrrs) { |
| 166 | /* Oops, NODATA or NXDOMAIN or perhaps a referral (which would be a problem) */ |
| 167 | |
| 168 | if (rcode == rcode_nxdomain) { |
| 169 | adns__query_finish(ads,qu,adns_s_nxdomain); |
| 170 | return; |
| 171 | } |
| 172 | |
| 173 | /* RFC2308: NODATA has _either_ a SOA _or_ _no_ NS records in authority section */ |
| 174 | foundsoa= 0; foundns= 0; |
| 175 | for (rri= 0; rri<nscount; rri++) { |
| 176 | rrstart= cbyte; |
| 177 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 178 | &rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0); |
| 179 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 180 | if (rrtype==-1) goto x_truncated; |
| 181 | if (rrclass != DNS_CLASS_IN) { |
| 182 | adns__diag(ads,serv,"ignoring authority RR with wrong class %d (expected IN=%d)", |
| 183 | rrclass,DNS_CLASS_IN); |
| 184 | continue; |
| 185 | } |
| 186 | if (rrtype == adns_r_soa_raw) { foundsoa= 1; break; } |
| 187 | else if (rrtype == adns_r_ns_raw) { foundns= 1; } |
| 188 | } |
| 189 | |
| 190 | if (foundsoa || !foundns) { |
| 191 | /* Aha ! A NODATA response, good. */ |
| 192 | adns__query_finish(ads,qu,adns_s_nodata); |
| 193 | return; |
| 194 | } |
| 195 | |
| 196 | /* Now what ? No relevant answers, no SOA, and at least some NS's. |
| 197 | * Looks like a referral. Just one last chance ... if we came across |
| 198 | * a CNAME then perhaps we should do our own CNAME lookup. |
| 199 | */ |
| 200 | if (qu->cnameoff != -1) { cname_recurse(ads,qu,0); return; } |
| 201 | |
| 202 | /* Bloody hell, I thought we asked for recursion ? */ |
| 203 | if (!flg_ra) { |
| 204 | adns__diag(ads,serv,"server is not willing to do recursive lookups for us"); |
| 205 | adns__query_fail(ads,qu,adns_s_norecurse); |
| 206 | return; |
| 207 | } |
| 208 | adns__diag(ads,serv,"server claims to do recursion, but gave us a referral"); |
| 209 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 210 | return; |
| 211 | } |
| 212 | |
| 213 | /* Now, we have some RRs which we wanted. */ |
| 214 | |
| 215 | qu->rrsoff= adns__vbuf_malloc(&qu->ans,qu->typei->rrsz*wantedrrs); |
| 216 | if (qu->rrsoff == -1) adns__query_fail(ads,qu,adns_s_nolocalmem); |
| 217 | |
| 218 | cbyte= anstart; |
| 219 | currentrrs= 0; |
| 220 | arstart= -1; |
| 221 | for (rri=0; rri<ancount; rri++) { |
| 222 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 223 | &rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0); |
| 224 | assert(!st); assert(rrtype != -1); |
| 225 | if (rrclass != DNS_CLASS_IN || |
| 226 | rrtype != (qu->typei->type & adns__rrt_typemask)) |
| 227 | continue; |
| 228 | assert(currentrrs<wantedrrs); |
| 229 | st= qu->typei->get_fn(ads,qu,serv, dgram,dglen, &rdstart,rdstart+rdlength, |
| 230 | nsstart,arcount,&arstart, qu->rrsoff,¤trrs); |
| 231 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 232 | if (currentrrs==-1) goto x_truncated; |
| 233 | } |
| 234 | |
| 235 | /* This may have generated some child queries ... */ |
| 236 | if (qu->children.head) { |
| 237 | qu->state= query_child; |
| 238 | LIST_LINK_TAIL(ads->childw,qu); |
| 239 | return; |
| 240 | } |
| 241 | |
| 242 | adns__query_finish(ads,qu,adns_s_ok); |
| 243 | return; |
| 244 | |
| 245 | x_truncated: |
| 246 | if (!flg_tc) { |
| 247 | adns__diag(ads,serv,"server sent datagram which points outside itself"); |
| 248 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 249 | return; |
| 250 | } |
| 251 | if (qu->cnameoff != -1) { cname_recurse(ads,qu,adns_qf_usevc); return; } |
| 252 | qu->cnameoff= -1; |
| 253 | qu->rrsoff= -1; |
| 254 | ans= (adns_answer*)qu->ans.buf; |
| 255 | ans->nrrs= 0; |
| 256 | qu->ans.used= sizeof(adns_answer); |
| 257 | qu->flags |= adns_qf_usevc; |
| 258 | adns__query_udp(ads,qu,now); |
| 259 | } |